There is high CPU usage and a build-up of TMP files on the Data Loss Prevention Server, at the following location:
C:\users\<User Name>\appData\Local\Temp\DetectionServerContentExtraction\KP_xxxxxxxxxxxx (TMP Files)
This may occur after an upgrade.
This applies to DLP versions prior to 15.8.
By default, ContentExtraction.TemporaryDirectory is not set in the advanced settings. The system therefore creates a subdirectory whose name starts with the prefix "DetectionServerContentExtractionTemporary".
The code incorrectly uses the mktemp API in Java to create the directory and passes on the name.
In some cases, such as with Network Monitor, the issue can prevent FileReader from starting.
This issue will be fixed in a future DLP release (most likely Orion, as per Etrack).
If FileReader is not starting, the following log entries accompany the issue:
Date: 3/12/2020 4:01:12 PM
Class: com.vontu.messaging.FileReaderSetup
Method: initialize
Level: SEVERE
Message: (DETECTION.3) Failed to initialize Detection
java.lang.RuntimeException: Failed to create content extraction service temporary directory
at com.vontu.cracker.jni.EngineContext.setupTemporaryDirectory(EngineContext.java:62)
at com.vontu.cracker.jni.EngineContext.<init>(EngineContext.java:86)
at com.vontu.cracker.NativeExtractionEngine.<init>(NativeExtractionEngine.java:82)
at com.vontu.cracker.NativeExtractionEngine.<init>(NativeExtractionEngine.java:43)
at com.vontu.detection.ExtractionEngineFactoryLoader.loadExtractorFactory(ExtractionEngineFactoryLoader.java:39)
at com.vontu.messaging.FileReader.initializeContentExtractionServices(FileReader.java:620)
at com.vontu.messaging.FileReader.start(FileReader.java:390)
at com.vontu.messaging.FileReaderSetup.initialize(FileReaderSetup.java:105)
at com.vontu.messaging.FileReader.main(FileReader.java:297)
Caused by: java.nio.file.AccessDeniedException: /opt/Symantec/DataLossPrevention/DetectionServer/15.5/Protect/bin/TempCEHFiles
at sun.nio.fs.UnixException.translateToIOException(UnixException.java:84)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:102)
at sun.nio.fs.UnixException.rethrowAsIOException(UnixException.java:107)
at sun.nio.fs.UnixFileSystemProvider.createDirectory(UnixFileSystemProvider.java:384)
at java.nio.file.Files.createDirectory(Files.java:674)
at java.nio.file.Files.createAndCheckIsDirectory(Files.java:781)
at java.nio.file.Files.createDirectories(Files.java:767)
at com.vontu.cracker.jni.EngineContext.setupTemporaryDirectory(EngineContext.java:58)
... 8 more
Date: 3/12/2020 4:01:12 PM
Class: com.vontu.logging.LocalLogWriter
Method: write
Level: SEVERE
Message: File Reader failed to start. Error starting File Reader. Failed to create content extraction service temporary directory No incidents will be detected.
Resolution:
Instead of entering only TempCEHFiles, create a directory named TempCEHFiles anywhere on any drive, for example:
C:\Program Files\Symantec\DataLossPrevention\DetectionServer\15.7\Protect\temp\TempCEHFiles\
or
C:\TempCEHFiles\
Then paste the full location of this directory in step 2 above.
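The log signature and the full-path requirement above can be checked with a short script. This is an added example, not code from the vendor or the product: the function names are hypothetical, and the sample log is constructed by trimming the excerpt above. It extracts the directory named in the AccessDeniedException, tells a bare name such as TempCEHFiles apart from a full location, and tests whether a directory can be written to.

```python
import os
import re
import tempfile
from pathlib import PurePosixPath, PureWindowsPath

# Constructed sample: two records trimmed from the log excerpt above.
SAMPLE_LOG = """\
Date: 3/12/2020 4:01:12 PM
Class: com.vontu.messaging.FileReaderSetup
Level: SEVERE
Message: (DETECTION.3) Failed to initialize Detection
java.lang.RuntimeException: Failed to create content extraction service temporary directory
Caused by: java.nio.file.AccessDeniedException: /opt/Symantec/DataLossPrevention/DetectionServer/15.5/Protect/bin/TempCEHFiles
Date: 3/12/2020 4:01:12 PM
Class: com.vontu.logging.LocalLogWriter
Level: SEVERE
Message: File Reader failed to start. Error starting File Reader. Failed to create content extraction service temporary directory No incidents will be detected.
"""

FAILURE = "Failed to create content extraction service temporary directory"
RECORD_START = re.compile(r"^Date: ", re.M)
DENIED = re.compile(r"^Caused by: java\.nio\.file\.AccessDeniedException: (.+)$", re.M)

def denied_temp_dirs(log_text):
    """Paths named by AccessDeniedException in records reporting the failure."""
    paths = []
    for record in RECORD_START.split(log_text):
        if FAILURE in record:
            paths += [p.strip() for p in DENIED.findall(record)]
    return paths

def is_full_path(value):
    """True for an absolute Windows or POSIX path, False for a bare name."""
    return PureWindowsPath(value).is_absolute() or PurePosixPath(value).is_absolute()

def can_write(directory):
    """Create the directory if missing and try to create a file inside it."""
    try:
        os.makedirs(directory, exist_ok=True)
        with tempfile.NamedTemporaryFile(dir=directory):
            return True
    except OSError:
        return False

if __name__ == "__main__":
    for path in denied_temp_dirs(SAMPLE_LOG):
        print("access denied while creating:", path)
    for candidate in ("TempCEHFiles", r"C:\TempCEHFiles"):
        print(candidate, "-> full path:", is_full_path(candidate))
```

The result of can_write only describes the account that runs the script, so run it as the account the detection server service uses.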